Lecturer Photo Security
dyakovri committed Apr 6, 2024
1 parent e894bf8 commit 18f7013
Showing 1 changed file with 12 additions and 3 deletions.
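--- a/calendar_backend/routes/lecturer/photo.py
+++ b/calendar_backend/routes/lecturer/photo.py
@@ -1,5 +1,6 @@
-from fastapi import APIRouter, File, UploadFile
+from fastapi import APIRouter, Depends, File, UploadFile
 from fastapi_sqlalchemy import db
+from auth_lib.fastapi import UnionAuth
 
 from calendar_backend.exceptions import ObjectNotFound
 from calendar_backend.methods.image import get_photo_webpath, upload_lecturer_photo
@@ -14,7 +15,11 @@
 
 
 @router.post("/photo", response_model=Photo)
-async def upload_photo(lecturer_id: int, photo: UploadFile = File(...)) -> Photo:
+async def upload_photo(
+lecturer_id: int,
+photo: UploadFile = File(...),
+_=Depends(UnionAuth(scopes=["timetable.lecturer.photo.create"])),
+) -> Photo:
 """Загрузить фотографию преподавателя из локального файла
 Пример загрузки файла на питоне
@@ -50,7 +55,11 @@ async def get_lecturer_photos(lecturer_id: int, limit: int = 10, offset: int = 0
 
 
 @router.delete("/photo/{id}", response_model=None)
-async def delete_photo(id: int, lecturer_id: int) -> None:
+async def delete_photo(
+id: int,
+lecturer_id: int,
+_=Depends(UnionAuth(scopes=["timetable.lecturer.photo.delete"])),
+) -> None:
 photo = DbPhoto.get(id, only_approved=False, session=db.session)
 if photo.lecturer_id != lecturer_id:
 raise ObjectNotFound(DbPhoto, id)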
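Review bot: In both `upload_photo` and `delete_photo` the value returned by `UnionAuth` is bound to `_` and discarded, so the handlers enforce the scope but, as far as these hunks show, keep no record of which account uploaded or deleted a photo. For write endpoints it is worth binding it to a name, e.g. `user=Depends(UnionAuth(scopes=["timetable.lecturer.photo.delete"]))`, and logging the caller together with `lecturer_id` and the photo id so that a removal can be attributed later. If the identity is genuinely not needed, passing `dependencies=[Depends(UnionAuth(scopes=[...]))]` to the route decorator keeps the check out of the function signature. The commit touches only this file, so a test asserting that an unauthenticated or under-scoped request to each route is rejected would pin the new behaviour. Both function bodies continue outside the hunks.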
